Stuxnet Virus 'Warheads' Could Knock Out Iran's Utility Systems

The Stuxnet virus, which has apparently (for now) brought down Iran's nuclear enrichment project, could bring down a lot more, experts say.

David Lev, 24/11/10 00:05 | updated: 06:25

A secret report by the International Atomic Energy Agency leaked on Tuesday said that Iran had been forced to suspend activity on enriching uranium, because of “technical problems” that have surfaced in thousands of centrifuges at its Natanz nuclear reactor.

The centrifuges, which are used in the enrichment project, were taken out of service, with the entire enrichment project there on hold, the report said – indicating, observers said, that Iran's problems with the particularly malignant Stuxnet computer virus were not yet over.

A weekend article in The New York Times quoted German security expert Ralph Langner as saying that the Stuxnet virus, which he identified in September as the worm that has caused major problems at Iran's Bushehr nuclear plant, was still alive and well, despite Iranian denials. But instead of just disabling centrifuges, the virus can also “confuse” frequency converters that control all sorts of mechanical and industrial processes, Langner wrote, giving Stuxnet not one, but two "warheads" that could cause severe damage to infrastructure, including water, gas and electric systems.

The virus is also far more virulent than had been thought, Langner said; it was designed to attack control systems manufactured by Germany's Siemens, which are in use in infrastructure throughout the world. The Times article quoted a U.S. security expert who said that “computer security organizations were not adequately conveying the potential for serious industrial sabotage that Stuxnet foretells,” implying that many of the world's power plants, water facilities, and other basic infrastructure that depend on automated control systems are at serious risk.

But while that is possible, says Israeli security expert Rafael Sutnick, there seemed to be little likelihood that Stuxnet would “leak out” to other facilities, based on what we know about it so far.

“Whoever unleashed it on Iran seems to have a tight rein on it,” Sutnick said. “So far, Iran is the only place we've seen the virus active, indicating that it was a specific target and did not reach the country's computer network by chance or accident. Whoever designed this knew what they were doing, and the experts who have analyzed the code say that years of work went into designing it. So I don't see it disabling infrastructure randomly.”

His comments again raise the question of just who might have produced the virus. Already in September, experts were saying that Stuxnet appeared to have been far too sophisticated to have been designed by amateur hackers, and the latest information published by Langner seems to confirm this. That brings up what has become a perennial question in the Stuxnet saga: If Iran, as Sutnick and other experts say, is being deliberately targeted, does that mean that Israeli experts designed the virus?

“No one knows, and no one will probably ever know,” says Sutnick. “It's interesting that the IAEA report mentions the Natanz facility as having been compromised. Natanz was built eight meters underground and was topped with dozens of meters of reinforced concrete and earth in 2004, in anticipation of a possible attack by Israeli or American 'bunker buster' bombs.

“In other words, Natanz was designed to be the most secure Iranian nuclear site – but it has proven to be as vulnerable as an open computer network, apparently.” Whether Israel was behind the attack is impossible to know, he said – but there's no doubt that the IAEA report has made Israelis happy.